data/5.19/5.19_security.txt - mirrors/github.com/nluedtke/linux_kernel_cves - Git at Google


 CVEs fixed in 5.19:
   CVE-2022-36946: 99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164 netfilter: nf_queue: do not allow packet truncation below transport header offset

 CVEs fixed in 5.19.1:
   CVE-2022-26373: f826d0412d80348aa22274ec9884cab0950a350b x86/speculation: Add RSB VM Exit protections

 CVEs fixed in 5.19.2:
   CVE-2022-1679: b66ebac40f64336ae2d053883bee85261060bd27 ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
   CVE-2022-20422: 07022e07017ee5540f5559b0aeb916e8383c1e1a arm64: fix oops in concurrently setting insn_emulation sysctls
   CVE-2022-2585: b2fc1723eb65abb83e00d5f011de670296af0b28 posix-cpu-timers: Cleanup CPU timers before freeing them during exec
   CVE-2022-2586: 0d07039397527361850c554c192e749cfc879ea9 netfilter: nf_tables: do not allow SET_ID to refer to another table
   CVE-2022-2588: ee3f18d90e80e79449d575fa3e7a6b775e9fc35e net_sched: cls_route: remove from list when handle is 0

 CVEs fixed in 5.19.4:
   CVE-2022-2785: b429d0b9a7a0f3dddb1f782b72629e6353f292fd bpf: Disallow bpf programs call prog_run command.
   CVE-2022-3635: af412b252550f9ac36d9add7b013c2a2c3463835 atm: idt77252: fix use-after-free bugs caused by tst_timer

 CVEs fixed in 5.19.6:
   CVE-2022-2590: 9def52eb10baab3b700858003d462fcf17d62873 mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW
   CVE-2022-2905: a36df92c7ff7ecde2fb362241d0ab024dddd0597 bpf: Don't use tnum_range on array range checking for poke descriptors
   CVE-2022-3028: 6901885656c029c976498290b52f67f2c251e6a0 af_key: Do not call xfrm_probe_algs in parallel
   CVE-2022-39190: fdca693fcf26c11596e7aa1e540af2b4a5288c76 netfilter: nf_tables: disallow binding to already bound chain

 CVEs fixed in 5.19.7:
   CVE-2022-42703: 7877eaa1131147b4d6a063962f3aac0ab1b8ea1c mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse

 CVEs fixed in 5.19.8:
   CVE-2022-20421: 603a47f2ae56bf68288784d3c0a8c5b8e0a827ed binder: fix UAF of ref->proc caused by race condition

 CVEs fixed in 5.19.9:
   CVE-2022-2663: 6cf0609154b2ce8d3ae160e7506ab316400a8d3d netfilter: nf_conntrack_irc: Fix forged IP logic
   CVE-2022-3303: 723ac5ab2891b6c10dd6cc78ef5456af593490eb ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
   CVE-2022-3586: 8f796f36f5ba839c11eb4685150ebeed496c546f sch_sfb: Don't assume the skb is still around after enqueueing to child
   CVE-2022-40307: d46815a8f26ca6db2336106a148265239f73b0af efi: capsule-loader: Fix use-after-free in efi_capsule_write

 CVEs fixed in 5.19.14:
   CVE-2022-2308: 38d854c4a11c3bbf6a96ea46f14b282670c784ac vduse: prevent uninitialized memory accesses

 CVEs fixed in 5.19.16:
   CVE-2022-40768: 6ae8aa5dcf0d7ada07964c8638e55d3af5896a86 scsi: stex: Properly zero out the passthrough command structure
   CVE-2022-41674: 42ea11a81ac853c3e870c70d61ab435d0b09b851 wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans()
   CVE-2022-42719: e6d77ac0132da7e73fdcc4a38dd4c40ac0226466 wifi: mac80211: fix MBSSID parsing use-after-free
   CVE-2022-42720: 46b23a9559580a72d8cc5811b1bce8db099806d6 wifi: cfg80211: fix BSS refcounting bugs
   CVE-2022-42721: 1d73c990e9bafc2754b1ced71345f73f5beb1781 wifi: cfg80211: avoid nontransmitted BSS list corruption
   CVE-2022-42722: fa63b5f6f8853ace755d9a23fb75817d5ba20df5 wifi: mac80211: fix crash in beacon protection for P2P-device

 CVEs fixed in 5.19.17:
   CVE-2022-3542: 96c0c14135f5803f9e94e6da2ee9c4b012fdcb20 bnx2x: fix potential memory leak in bnx2x_tpa_stop()
   CVE-2022-43945: c2a878095b5c6f04f90553a3c45872f990dab14e NFSD: Protect against send buffer overflow in NFSv2 READDIR

 Outstanding CVEs:
   CVE-2005-3660: (unk)
   CVE-2007-3719: (unk)
   CVE-2008-2544: (unk)
   CVE-2008-4609: (unk)
   CVE-2010-4563: (unk)
   CVE-2010-5321: (unk)
   CVE-2011-4916: (unk)
   CVE-2011-4917: (unk)
   CVE-2012-4542: (unk)
   CVE-2013-7445: (unk)
   CVE-2015-2877: (unk)
   CVE-2016-8660: (unk)
   CVE-2017-13693: (unk)
   CVE-2017-13694: (unk)
   CVE-2018-1121: (unk)
   CVE-2018-12928: (unk)
   CVE-2018-12929: (unk)
   CVE-2018-12930: (unk)
   CVE-2018-12931: (unk)
   CVE-2018-17977: (unk)
   CVE-2019-12456: (unk)
   CVE-2019-15239: (unk) unknown
   CVE-2019-15290: (unk)
   CVE-2019-15902: (unk) unknown
   CVE-2019-16089: (unk)
   CVE-2019-19378: (unk)
   CVE-2019-19814: (unk)
   CVE-2019-20794: (unk)
   CVE-2020-0347: (unk)
   CVE-2020-10708: (unk)
   CVE-2020-11725: (unk)
   CVE-2020-14304: (unk)
   CVE-2020-15802: (unk)
   CVE-2020-24502: (unk)
   CVE-2020-24503: (unk)
   CVE-2020-25220: (unk)
   CVE-2020-26140: (unk)
   CVE-2020-26142: (unk)
   CVE-2020-26143: (unk)
   CVE-2020-26556: (unk)
   CVE-2020-26557: (unk)
   CVE-2020-26559: (unk)
   CVE-2020-26560: (unk)
   CVE-2020-35501: (unk)
   CVE-2020-36516: (unk)
   CVE-2021-0399: (unk)
   CVE-2021-26934: (unk)
   CVE-2021-3542: (unk)
   CVE-2021-3714: (unk)
   CVE-2021-3847: (unk)
   CVE-2021-3864: (unk)
   CVE-2021-3892: (unk)
   CVE-2021-39800: (unk)
   CVE-2021-39801: (unk)
   CVE-2022-0400: (unk)
   CVE-2022-1116: (unk)
   CVE-2022-1247: (unk)
   CVE-2022-2209: (unk)
   CVE-2022-23825: (unk)
   CVE-2022-25265: (unk)
   CVE-2022-2602: (unk) io_uring/af_unix: defer registered files gc to io_uring release
   CVE-2022-26878: (unk)
   CVE-2022-2961: (unk)
   CVE-2022-2978: (unk) fs: fix UAF/GPF bug in nilfs_mdt_destroy
   CVE-2022-3169: (unk) nvme: ensure subsystem reset is single threaded
   CVE-2022-3238: (unk)
   CVE-2022-3344: (unk)
   CVE-2022-3424: (unk)
   CVE-2022-3435: (unk) ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference
   CVE-2022-3521: (unk) kcm: avoid potential race in kcm_tx_work
   CVE-2022-3522: (unk) mm/hugetlb: use hugetlb_pte_stable in migration race check
   CVE-2022-3523: (unk) mm/memory.c: fix race when faulting a device private page
   CVE-2022-3524: (unk) tcp/udp: Fix memory leak in ipv6_renew_options().
   CVE-2022-3531: (unk)
   CVE-2022-3534: (unk)
   CVE-2022-3535: (unk) net: mvpp2: fix mvpp2 debugfs leak
   CVE-2022-3541: (unk) eth: sp7021: fix use after free bug in spl2sw_nvmem_get_mac_address
   CVE-2022-3543: (unk) af_unix: Fix memory leaks of the whole sk due to OOB skb.
   CVE-2022-3544: (unk)
   CVE-2022-3545: (unk) nfp: fix use-after-free in area_cache_get()
   CVE-2022-3564: (unk) Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
   CVE-2022-3565: (unk) mISDN: fix use-after-free bugs in l1oip timer handlers
   CVE-2022-3566: (unk) tcp: Fix data races around icsk->icsk_af_ops.
   CVE-2022-3567: (unk) ipv6: Fix data races around sk->sk_prot.
   CVE-2022-3594: (unk) r8152: Rate limit overflow messages
   CVE-2022-3595: (unk) cifs: fix double-fault crash during ntlmssp
   CVE-2022-3619: (unk) Bluetooth: L2CAP: Fix memory leak in vhci_write
   CVE-2022-3621: (unk) nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()
   CVE-2022-3623: (unk) mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page
   CVE-2022-3624: (unk) bonding: fix reference count leak in balance-alb mode
   CVE-2022-3625: (unk) devlink: Fix use-after-free after a failed reload
   CVE-2022-3628: (unk) wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()
   CVE-2022-36280: (unk)
   CVE-2022-3629: (unk) vsock: Fix memory leak in vsock_connect()
   CVE-2022-3630: (unk) fscache: don't leak cookie access refs if invalidation is in progress or failed
   CVE-2022-3633: (unk) can: j1939: j1939_session_destroy(): fix memory leak of skbs
   CVE-2022-3640: (unk) Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
   CVE-2022-36402: (unk)
   CVE-2022-3642: (unk)
   CVE-2022-3646: (unk) nilfs2: fix leak of nilfs_root in case of writer thread creation failure
   CVE-2022-3649: (unk) nilfs2: fix use-after-free bug of struct nilfs_root
   CVE-2022-3707: (unk)
   CVE-2022-38096: (unk)
   CVE-2022-38457: (unk)
   CVE-2022-3903: (unk) media: mceusb: Use new usb_control_msg_*() routines
   CVE-2022-3977: (unk) mctp: prevent double key removal and unref
   CVE-2022-40133: (unk)
   CVE-2022-41218: (unk)
   CVE-2022-41848: (unk)
   CVE-2022-41849: (unk) fbdev: smscufx: Fix use-after-free in ufx_ops_open()
   CVE-2022-41850: (unk) HID: roccat: Fix use-after-free in roccat_read()
   CVE-2022-42895: (unk) Bluetooth: L2CAP: Fix attempting to access uninitialized memory
   CVE-2022-42896: (unk) Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
   CVE-2022-43750: (unk) usb: mon: make mmapped memory read only
   CVE-2022-44032: (unk)
   CVE-2022-44033: (unk)
   CVE-2022-44034: (unk)

	CVEs fixed in 5.19:
	CVE-2022-36946: 99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164 netfilter: nf_queue: do not allow packet truncation below transport header offset

	CVEs fixed in 5.19.1:
	CVE-2022-26373: f826d0412d80348aa22274ec9884cab0950a350b x86/speculation: Add RSB VM Exit protections

	CVEs fixed in 5.19.2:
	CVE-2022-1679: b66ebac40f64336ae2d053883bee85261060bd27 ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
	CVE-2022-20422: 07022e07017ee5540f5559b0aeb916e8383c1e1a arm64: fix oops in concurrently setting insn_emulation sysctls
	CVE-2022-2585: b2fc1723eb65abb83e00d5f011de670296af0b28 posix-cpu-timers: Cleanup CPU timers before freeing them during exec
	CVE-2022-2586: 0d07039397527361850c554c192e749cfc879ea9 netfilter: nf_tables: do not allow SET_ID to refer to another table
	CVE-2022-2588: ee3f18d90e80e79449d575fa3e7a6b775e9fc35e net_sched: cls_route: remove from list when handle is 0

	CVEs fixed in 5.19.4:
	CVE-2022-2785: b429d0b9a7a0f3dddb1f782b72629e6353f292fd bpf: Disallow bpf programs call prog_run command.
	CVE-2022-3635: af412b252550f9ac36d9add7b013c2a2c3463835 atm: idt77252: fix use-after-free bugs caused by tst_timer

	CVEs fixed in 5.19.6:
	CVE-2022-2590: 9def52eb10baab3b700858003d462fcf17d62873 mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW
	CVE-2022-2905: a36df92c7ff7ecde2fb362241d0ab024dddd0597 bpf: Don't use tnum_range on array range checking for poke descriptors
	CVE-2022-3028: 6901885656c029c976498290b52f67f2c251e6a0 af_key: Do not call xfrm_probe_algs in parallel
	CVE-2022-39190: fdca693fcf26c11596e7aa1e540af2b4a5288c76 netfilter: nf_tables: disallow binding to already bound chain

	CVEs fixed in 5.19.7:
	CVE-2022-42703: 7877eaa1131147b4d6a063962f3aac0ab1b8ea1c mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse

	CVEs fixed in 5.19.8:
	CVE-2022-20421: 603a47f2ae56bf68288784d3c0a8c5b8e0a827ed binder: fix UAF of ref->proc caused by race condition

	CVEs fixed in 5.19.9:
	CVE-2022-2663: 6cf0609154b2ce8d3ae160e7506ab316400a8d3d netfilter: nf_conntrack_irc: Fix forged IP logic
	CVE-2022-3303: 723ac5ab2891b6c10dd6cc78ef5456af593490eb ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
	CVE-2022-3586: 8f796f36f5ba839c11eb4685150ebeed496c546f sch_sfb: Don't assume the skb is still around after enqueueing to child
	CVE-2022-40307: d46815a8f26ca6db2336106a148265239f73b0af efi: capsule-loader: Fix use-after-free in efi_capsule_write

	CVEs fixed in 5.19.14:
	CVE-2022-2308: 38d854c4a11c3bbf6a96ea46f14b282670c784ac vduse: prevent uninitialized memory accesses

	CVEs fixed in 5.19.16:
	CVE-2022-40768: 6ae8aa5dcf0d7ada07964c8638e55d3af5896a86 scsi: stex: Properly zero out the passthrough command structure
	CVE-2022-41674: 42ea11a81ac853c3e870c70d61ab435d0b09b851 wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans()
	CVE-2022-42719: e6d77ac0132da7e73fdcc4a38dd4c40ac0226466 wifi: mac80211: fix MBSSID parsing use-after-free
	CVE-2022-42720: 46b23a9559580a72d8cc5811b1bce8db099806d6 wifi: cfg80211: fix BSS refcounting bugs
	CVE-2022-42721: 1d73c990e9bafc2754b1ced71345f73f5beb1781 wifi: cfg80211: avoid nontransmitted BSS list corruption
	CVE-2022-42722: fa63b5f6f8853ace755d9a23fb75817d5ba20df5 wifi: mac80211: fix crash in beacon protection for P2P-device

	CVEs fixed in 5.19.17:
	CVE-2022-3542: 96c0c14135f5803f9e94e6da2ee9c4b012fdcb20 bnx2x: fix potential memory leak in bnx2x_tpa_stop()
	CVE-2022-43945: c2a878095b5c6f04f90553a3c45872f990dab14e NFSD: Protect against send buffer overflow in NFSv2 READDIR

	Outstanding CVEs:
	CVE-2005-3660: (unk)
	CVE-2007-3719: (unk)
	CVE-2008-2544: (unk)
	CVE-2008-4609: (unk)
	CVE-2010-4563: (unk)
	CVE-2010-5321: (unk)
	CVE-2011-4916: (unk)
	CVE-2011-4917: (unk)
	CVE-2012-4542: (unk)
	CVE-2013-7445: (unk)
	CVE-2015-2877: (unk)
	CVE-2016-8660: (unk)
	CVE-2017-13693: (unk)
	CVE-2017-13694: (unk)
	CVE-2018-1121: (unk)
	CVE-2018-12928: (unk)
	CVE-2018-12929: (unk)
	CVE-2018-12930: (unk)
	CVE-2018-12931: (unk)
	CVE-2018-17977: (unk)
	CVE-2019-12456: (unk)
	CVE-2019-15239: (unk) unknown
	CVE-2019-15290: (unk)
	CVE-2019-15902: (unk) unknown
	CVE-2019-16089: (unk)
	CVE-2019-19378: (unk)
	CVE-2019-19814: (unk)
	CVE-2019-20794: (unk)
	CVE-2020-0347: (unk)
	CVE-2020-10708: (unk)
	CVE-2020-11725: (unk)
	CVE-2020-14304: (unk)
	CVE-2020-15802: (unk)
	CVE-2020-24502: (unk)
	CVE-2020-24503: (unk)
	CVE-2020-25220: (unk)
	CVE-2020-26140: (unk)
	CVE-2020-26142: (unk)
	CVE-2020-26143: (unk)
	CVE-2020-26556: (unk)
	CVE-2020-26557: (unk)
	CVE-2020-26559: (unk)
	CVE-2020-26560: (unk)
	CVE-2020-35501: (unk)
	CVE-2020-36516: (unk)
	CVE-2021-0399: (unk)
	CVE-2021-26934: (unk)
	CVE-2021-3542: (unk)
	CVE-2021-3714: (unk)
	CVE-2021-3847: (unk)
	CVE-2021-3864: (unk)
	CVE-2021-3892: (unk)
	CVE-2021-39800: (unk)
	CVE-2021-39801: (unk)
	CVE-2022-0400: (unk)
	CVE-2022-1116: (unk)
	CVE-2022-1247: (unk)
	CVE-2022-2209: (unk)
	CVE-2022-23825: (unk)
	CVE-2022-25265: (unk)
	CVE-2022-2602: (unk) io_uring/af_unix: defer registered files gc to io_uring release
	CVE-2022-26878: (unk)
	CVE-2022-2961: (unk)
	CVE-2022-2978: (unk) fs: fix UAF/GPF bug in nilfs_mdt_destroy
	CVE-2022-3169: (unk) nvme: ensure subsystem reset is single threaded
	CVE-2022-3238: (unk)
	CVE-2022-3344: (unk)
	CVE-2022-3424: (unk)
	CVE-2022-3435: (unk) ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference
	CVE-2022-3521: (unk) kcm: avoid potential race in kcm_tx_work
	CVE-2022-3522: (unk) mm/hugetlb: use hugetlb_pte_stable in migration race check
	CVE-2022-3523: (unk) mm/memory.c: fix race when faulting a device private page
	CVE-2022-3524: (unk) tcp/udp: Fix memory leak in ipv6_renew_options().
	CVE-2022-3531: (unk)
	CVE-2022-3534: (unk)
	CVE-2022-3535: (unk) net: mvpp2: fix mvpp2 debugfs leak
	CVE-2022-3541: (unk) eth: sp7021: fix use after free bug in spl2sw_nvmem_get_mac_address
	CVE-2022-3543: (unk) af_unix: Fix memory leaks of the whole sk due to OOB skb.
	CVE-2022-3544: (unk)
	CVE-2022-3545: (unk) nfp: fix use-after-free in area_cache_get()
	CVE-2022-3564: (unk) Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
	CVE-2022-3565: (unk) mISDN: fix use-after-free bugs in l1oip timer handlers
	CVE-2022-3566: (unk) tcp: Fix data races around icsk->icsk_af_ops.
	CVE-2022-3567: (unk) ipv6: Fix data races around sk->sk_prot.
	CVE-2022-3594: (unk) r8152: Rate limit overflow messages
	CVE-2022-3595: (unk) cifs: fix double-fault crash during ntlmssp
	CVE-2022-3619: (unk) Bluetooth: L2CAP: Fix memory leak in vhci_write
	CVE-2022-3621: (unk) nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()
	CVE-2022-3623: (unk) mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page
	CVE-2022-3624: (unk) bonding: fix reference count leak in balance-alb mode
	CVE-2022-3625: (unk) devlink: Fix use-after-free after a failed reload
	CVE-2022-3628: (unk) wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()
	CVE-2022-36280: (unk)
	CVE-2022-3629: (unk) vsock: Fix memory leak in vsock_connect()
	CVE-2022-3630: (unk) fscache: don't leak cookie access refs if invalidation is in progress or failed
	CVE-2022-3633: (unk) can: j1939: j1939_session_destroy(): fix memory leak of skbs
	CVE-2022-3640: (unk) Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
	CVE-2022-36402: (unk)
	CVE-2022-3642: (unk)
	CVE-2022-3646: (unk) nilfs2: fix leak of nilfs_root in case of writer thread creation failure
	CVE-2022-3649: (unk) nilfs2: fix use-after-free bug of struct nilfs_root
	CVE-2022-3707: (unk)
	CVE-2022-38096: (unk)
	CVE-2022-38457: (unk)
	CVE-2022-3903: (unk) media: mceusb: Use new usb_control_msg_*() routines
	CVE-2022-3977: (unk) mctp: prevent double key removal and unref
	CVE-2022-40133: (unk)
	CVE-2022-41218: (unk)
	CVE-2022-41848: (unk)
	CVE-2022-41849: (unk) fbdev: smscufx: Fix use-after-free in ufx_ops_open()
	CVE-2022-41850: (unk) HID: roccat: Fix use-after-free in roccat_read()
	CVE-2022-42895: (unk) Bluetooth: L2CAP: Fix attempting to access uninitialized memory
	CVE-2022-42896: (unk) Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
	CVE-2022-43750: (unk) usb: mon: make mmapped memory read only
	CVE-2022-44032: (unk)
	CVE-2022-44033: (unk)
	CVE-2022-44034: (unk)